1

I want to insert a password to my database using SHA1 hash I do it manually in phpmyadmin by choosing the function sha1 but how to do this using Java ??

Any Idea ? Thank you!

Souad
  • 4,856
  • 15
  • 80
  • 140
  • 1
    Did searching reveal any good leads? There are *many* duplicates. (Also, "encryption" != "hashing", which will be a better search term.) – user2246674 May 01 '13 at 18:04
  • Start with *understanding* this reply: http://stackoverflow.com/a/401684/2246674 – user2246674 May 01 '13 at 18:07
  • SHA1 is a functon of hash sorry – Souad May 01 '13 at 18:09
  • Already done for you: http://www.mindrot.org/projects/jBCrypt/ (it's not SHA1, which is good.) and http://www.java2s.com/Tutorial/Java/0490__Security/Encryptapassword.htm gives a small example (*which is not appropriate for passwords*) – user2246674 May 01 '13 at 18:09

1 Answers1

1

If you must use java:

import java.io.ByteArrayInputStream;
import java.security.MessageDigest;

public class SHACheckSumExample 
{
    public static void main(String[] args)throws Exception
    {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        ByteArrayInputStream fis = new ByteArrayInputStream(args[1].getBytes());

        byte[] dataBytes = new byte[1024];

        int nread = 0; 
        while ((nread = fis.read(dataBytes)) != -1) {
          md.update(dataBytes, 0, nread);
        };
        byte[] mdbytes = md.digest();

        //convert the byte to hex format method 1
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < mdbytes.length; i++) {
          sb.append(Integer.toString((mdbytes[i] & 0xff) + 0x100, 16).substring(1));
        }

        System.out.println("Hex format : " + sb.toString());

       //convert the byte to hex format method 2
        StringBuffer hexString = new StringBuffer();
        for (int i=0;i<mdbytes.length;i++) {
          hexString.append(Integer.toHexString(0xFF & mdbytes[i]));
        }

        System.out.println("Hex format : " + hexString.toString());
    }
}

I would, for performance reasons, suggest seeing if your database has SHA support. I know Postgres does, not sure about other systems.

hd1
  • 33,938
  • 5
  • 80
  • 91
  • 1
    SHA for passwords should not be "for performance reasons" - that's actually a good reason to *not* use a hash for passwords. While this does show an example of SHA-1 via `MessageDigest` (with a bunch of extra stuff), it is a *very poor* example of how to hash passwords in a database. No salt - rainbow table attacks, SHA-1 - brute force attacks. – user2246674 May 01 '13 at 18:11
  • I try jBCrypt and it works perfectly but i can't logging with a password which is not hashing with SHA1. because of this line in my XML file "spring-security.xml" **** – Souad May 01 '13 at 18:33
  • I FIND IT it's quit simple !! **MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("SHA"); String hash = encoder.encodePassword(user.getPassword(), "");** – Souad May 01 '13 at 19:07
  • @Souad Should fix what spring uses then (and yes, both sides must agree) - glad you found a working solution, even if it is questionable. – user2246674 May 01 '13 at 19:40